+1
On Fri, Mar 28, 2014 at 3:30 PM, Josh Elser <[email protected]> wrote: > Clarification on javadocs, the generated 1.5.1 javadocs were not vulnerable > and required no patching. > > That said, I'm still in favor of bumping to jdk7. > On Mar 28, 2014 11:36 AM, "Christopher" <[email protected]> wrote: > > > I want to bump the minimum supported version of Java to 7 for the next > > version after the 1.6.x series. (Currently, this is tracked in JIRA as > > 1.7.0, and the master branch in git). > > > > We've discussed this in detail for 1.5.0 and 1.6.0, and it has been > > postponed for various reasons. I'd rather not rehash those discussions > > in detail, but I really think it's time to do it. So, if you have a > > serious objection that you think is still valid, and would warrant > > delaying further, I'd like to hear it. > > > > FYI, JDK6 reached EOL over a year ago, and JDK7 will reach EOL next > > year around this time. Some Linux distributions aren't even planning > > to provide JDK7 in their repos, and provide only JDK8 (just released), > > because it's expected to EOL within their support lifecycle. It'd be > > nice to develop newer versions on a modern Linux OS without jumping > > through hoops. JDK7 has been available in CentOS/RHEL for some time > > now, and I'd be surprised if RHEL7 (still in beta) included JRE6 at > > all. > > > > Plus, now there's the known javadoc6 vulnerabilities which require us > > patching javadocs before putting on the website (which we don't do for > > the javadoc jars, because they build with JDK6, so they would be > > vulnerable if somebody dumped them and pushed them onto a website). > > > > -- > > Christopher L Tubbs II > > http://gravatar.com/ctubbsii > > > -- // Bill Havanki // Solutions Architect, Cloudera Govt Solutions // 443.686.9283
